You didn't say the phone adapter could be infected but you seemed to indicate that you had an issue with forwarding tftp to your Vonage router. If the Vonage router can not be infected, then what does it matter?

I was originally going to argue the opposite, but Kevin does have a point, even if it's on the paranoid side. He's uneasy about forwarding all incoming TFTP traffic to the Vonage device, because nobody really knows what happens after it gets there.

Let's make the unlikely-but-not-completely-impossible assumption that the router is hosting a public TFTP server. Anyone could connect from the Internet to upload and download files. Even if those files can not be executed on the router, someone could still create a worm which gets into a Windows box and tells it to download a copy of itself from Kevin's IP address. It would use up his bandwidth, and make him a target for investigation, because his IP address is hard-coded into the worm.

I know the scenario is unlikely, and I wouldn't be worried about it myself, but he did say himself that he was paranoid. It would be incredibly stupid for Vonage or Linksys to make every box a public TFTP server, but we don't know for sure that that isn't the case.

Anyway, I don't really know where I'm going with this... By plugging the RT31P2 (or any hardware) directly into your internet connection, you just need to have a certain level of trust that the hardware isn't going to be hosting public services for everyone.

Let's make the unlikely-but-not-completely-impossible assumption that the router is hosting a public TFTP server. Anyone could connect from the Internet to upload and download files. Even if those files can not be executed on the router, someone could still create a worm which gets into a Windows box and tells it to download a copy of itself from Kevin's IP address. It would use up his bandwidth, and make him a target for investigation, because his IP address is hard-coded into the worm.

I know the scenario is unlikely, and I wouldn't be worried about it myself, but he did say himself that he was paranoid. It would be incredibly stupid for Vonage or Linksys to make every box a public TFTP server, but we don't know for sure that that isn't the case.

To try and lay to rest one of the stupidest scenarios I've ever seen discussed here, I opened up port 69 and tried to TFTP to the RT31P2 from the Internet side. As expected, the router doesn't respond to GET or PUT commands at all...there's simply no TFTP server running on the Vonage adapter. So even if someone wanted to write the world's most pointless worm, they wouldn't have a place to put it anyway.
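The check described in the post above (one GET and one PUT sent to UDP port 69, then seeing whether anything answers) can be scripted against your own adapter's WAN address. This is an added example, not code from the thread; the packet layout follows RFC 1350, and the file name `probe-test.txt` and the address `192.0.2.10` are placeholders.

```python
import socket
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5  # RFC 1350 opcodes


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """RRQ/WRQ layout: 2-byte opcode, filename, NUL, transfer mode, NUL."""
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("request opcode must be RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def classify_reply(packet: bytes) -> str:
    """Turn the first reply datagram into a verdict about the listener."""
    if len(packet) < 4:
        return "malformed"
    opcode, value = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:
        return "server-present: read accepted"
    if opcode == OP_ACK:
        return "server-present: write accepted"
    if opcode == OP_ERROR:
        # Even "file not found" proves that a TFTP server is listening.
        return f"server-present: error code {value}"
    return "malformed"


def probe(host: str, port: int = 69, timeout: float = 3.0) -> dict:
    """Send one RRQ (GET) and one WRQ (PUT); report what, if anything, answers."""
    results = {}
    for name, opcode in (("GET", OP_RRQ), ("PUT", OP_WRQ)):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_request(opcode, "probe-test.txt"), (host, port))
            try:
                data, _ = s.recvfrom(516)  # 4-byte header + 512-byte block
                results[name] = classify_reply(data)
            except socket.timeout:
                # UDP silence: no server, or a filter dropped the packet.
                results[name] = "no-response"
            except OSError:
                results[name] = "port-unreachable"
    return results


if __name__ == "__main__":
    print(probe("192.0.2.10"))  # placeholder; use your own adapter's address
```

A `no-response` result for both requests matches what the poster saw; run it from outside your own network, since a probe from the LAN side does not exercise the port forward.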

I could be wrong, but I believe the reason the instructions say to open all those ports is the way some firewalls are set up and deployed. By default some firewalls block ALL traffic to and from the LAN. Not all firewalls allow all traffic originating from the LAN to wherever outbound by default. It's up to the admin to open the appropriate ports inbound and out. Others allow all outbound traffic originating from the LAN by default. In this case you would not need to open these ports.

Vonage is not too short-sighted. The company I work for is about to roll out VoIP and we are going to require the end user to use our Sipura adapters. It makes it 100% easier for tech support to troubleshoot issues. Plus they can be much more intelligent.

It also gives us more control over things.

So, which would you prefer?

1) A happy customer who pays you money and doesn't bother you or your customer support about anything, or
2) No customer at all.

Companies that insist on using an inferior ATA system push the technically inclined people into #2. It looks like I can add your company to the list of people to not do business with as well. I'm stuck with Vonage for now because of the difficulty of getting my LNP-ported number back (we've moved since then). If they were not holding my number hostage, you'd all be waving me goodbye already and telling me not to let the door hit me on the way out.

Vonage is not too short-sighted. The company I work for is about to roll out VoIP and we are going to require the end user to use our Sipura adapters. It makes it 100% easier for tech support to troubleshoot issues. Plus they can be much more intelligent.

It also gives us more control over things.

So, which would you prefer?

1) A happy customer who pays you money and doesn't bother you or your customer support about anything, or
2) No customer at all.

How about a combination of the two? The only other option is customer #3, who insists on doing his own thing and will eat you alive in support costs. That makes him a more expensive customer, and you either chase him away or end up subsidizing his costs at the expense of higher fees for everyone else.

That's the real world, my friend. You can't make everyone happy, and sometimes it IS better to turn business away.

Well, I'm sure we WOULD allow a customer to bring their own device... but they have to realize:

A) We will be unable to support it any more than... yup, it's associating to us.
B) Since we cannot provide firmware upgrades, or make changes to it, service may not be as it is for the rest of our customers... i.e. I can change the codec on customers' ATAs and set them higher, lower, etc... if you own your device you have to do that... and some features of our service may or may not work for you.

ToddlerTN: Yes, you're right. There is a potential #3, but only if you're not careful. Suppose Vonage were to keep on providing the ATA and only supporting the ATA, but on the web site have a place where you can generate a user/password for an alternative SIP login with huge big "UNSUPPORTED" and "DO NOT PHONE FOR SUPPORT" warnings; then they can answer #3 calls with "Too bad, plug the ATA back in". Sure, some people will still try and call no matter how many "I agree" things they have to click to get a password, but you can close the call really quick. I, for one, would be absolutely thrilled to have this as a service alternative for Vonage.

Trying to support third party ATA/IP-phone/IP-PBX etc configurations is a nightmare. There are so many ways that somebody can screw up the configuration on the device. So don't provide support for them. But that doesn't mean they have to be prohibited for the people that can self-support and don't need or want hand-holding.